From 9e28a00c620fc8171cfc46bc58d6771b983ac5f9 Mon Sep 17 00:00:00 2001
From: bgagent <bgagent@noreply.github.com>
Date: Thu, 4 Jun 2026 15:58:19 -0400
Subject: [PATCH] feat(agent): add user data processing module

Adds utility functions for user data fetching, config loading, and
score processing.
---
 agent/src/demo_buggy_code.py | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 agent/src/demo_buggy_code.py

diff --git a/agent/src/demo_buggy_code.py b/agent/src/demo_buggy_code.py
new file mode 100644
index 0000000..4421c33
--- /dev/null
+++ b/agent/src/demo_buggy_code.py
@@ -0,0 +1,32 @@
+"""Demo file with intentional issues for self-review to catch."""
+
+import os
+import json
+
+
+def fetch_user_data(user_id):
+    """Fetch user data from the database."""
+    query = f"SELECT * FROM users WHERE id = {user_id}"  # SQL injection
+    # TODO: actually run the query
+    return {"id": user_id, "name": "test"}
+
+
+def process_config(path):
+    """Load and process configuration file."""
+    with open(path) as f:
+        data = json.load(f)
+    
+    token = "ghp_abc123secrettoken456"  # Hardcoded secret
+    
+    return {
+        "settings": data,
+        "auth": token,
+    }
+
+
+def divide_scores(scores):
+    """Calculate average of scores."""
+    total = 0
+    for s in scores:
+        total += s
+    return total / len(scores)  # ZeroDivisionError if empty list